Electronic Signatures in Spain

In Spain, the use of electronic signatures is governed by several key pieces of legislation.

The primary regulation is the EU (European Union) Regulation No 910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS), which is directly applicable in Spain.

Additionally, the Electronic Signature Act (59/2003) of 19 December 2003 currently regulates electronic signatures, although it is under review, and a new Electronic Signature Act is being negotiated to align domestic legislation with eIDAS, repealing the 59/2003 Act.

The Civil Procedure Act (1/2000) of 7 January 2000, the Electronic Commerce and Information Society Act (34/2002) of 11 July 2002, and Royal Decree 1553/2005 of 23 December 2005, which regulates the issuance of the national identity document and its electronic signature certificates, also contribute to the legal framework.

According to eIDAS, there are three types of electronic signatures: simple electronic signature (SES), advanced electronic signature (AES), and qualified electronic signature (QES).

• Simple Electronic Signature (SES): This can be any form of electronic data associated with a natural person, such as typed signatures or email blocks.
• Advanced Electronic Signature (AES): This is an electronic signature uniquely linked to and capable of identifying the signatory, created using means that the signatory can maintain under their sole control, and linked to data so that any changes are detectable.
• Qualified Electronic Signature (QES): This is generated by a qualified electronic signature creation device and backed by a certificate issued by a qualified trust service provider. It has the same legal validity as a handwritten signature.

SES, AES, and QES are all legally valid, admissible, and enforceable in Spain. However, only QES holds the same legal status as handwritten signatures. The main difference lies in their probative value. Under the current Spanish e-Signature Act and the Spanish Civil Procedure Act, proving the authenticity of SES and AES can be more challenging and typically requires an expert witness report. In contrast, the authenticity of QES is easier to prove, as the party providing the signature only needs to demonstrate that the signature was made using a qualified certificate and meets the QES requirements. The burden of proof generally lies with the party providing the e-signature. However, the upcoming Spanish e-Signature Bill will shift this burden to the challenging party if the signature is a QES.

ZapSign is a simple electronic signature in Spain and thus in the European Union. To ensure the reliability of any non-qualified electronic signature, ZapSign provides a signature report containing all the evidence collected at the time of signing to verify that the document has not been altered and to confirm the identities of the parties. Additionally, security can be increased with authentication methods such as validating a mobile phone or email via OTP, attaching a photo of the signer's face, or an identity document.

Note: ZapSign cannot provide legal advice. It is recommended to consult a lawyer for any legal concerns.